Implemented for shadow servers using the new "exec" auth module in r17780.
With platform support for macos added in r17781 + r17825 + r17822, win32 in r17783, and RPM + DEB packaging in r17782.

Usage:

xpra shadow --bind-tcp=0.0.0.0:10000 --tcp-auth=exec

This will popup a dialog asking if the new connection should be allowed or not.

This new auth module has two configuration options:

timeout: the delay in seconds before we terminate the command and fail, ie: tcp-auth=exec:timeout=60

command, ie: tcp-auth=exec:command=/bin/true. The command will be given the request message (ie: Connection request from ...) and the timeout as arguments. It should return 0 to allow the connection, any other value to reject it. By default, we use the "auth_dialog" tool that we ship. (just a simple yes-no dialog)

As per #1728, this can now be combined with other auth modules. (ie: password + request, or tcp-wrappers + request, etc)

This is only useful for "shadow" sessions since there will be an existing display connected where the user can accept the request.